In NET_4_0 mode, the SecurityCritical attribute must be applied to implementations of ISerializable.GetObjectData(). I believe this prevents use under partial trust. Maybe we should implement the new ISafeSerializationData interface instead.

oskarb · oskarb · commit ede654240a54 · 2012-10-06T16:33:05.000+02:00
diff --git a/src/NHibernate/ADOException.cs b/src/NHibernate/ADOException.cs
@@ -1,5 +1,6 @@
 using System;
-using System.Runtime.Serialization;
+using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 namespace NHibernate
@@ -57,6 +58,9 @@ protected ADOException(SerializationInfo info, StreamingContext context) : base(
 
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/AdoNet/ConnectionManager.cs b/src/NHibernate/AdoNet/ConnectionManager.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Data;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 using NHibernate.Engine;
@@ -294,6 +295,9 @@ private ConnectionManager(SerializationInfo info, StreamingContext context)
 
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags = SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			info.AddValue("ownConnection", ownConnection);
diff --git a/src/NHibernate/AdoNet/TooManyRowsAffectedException.cs b/src/NHibernate/AdoNet/TooManyRowsAffectedException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 namespace NHibernate.AdoNet
@@ -26,6 +27,9 @@ protected TooManyRowsAffectedException(SerializationInfo info, StreamingContext
 
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/Cfg/Configuration.cs b/src/NHibernate/Cfg/Configuration.cs
@@ -6,6 +6,7 @@
 using System.IO;
 using System.Linq;
 using System.Reflection;
+using System.Security;
 using System.Text;
 using System.Xml;
 using System.Xml.Schema;
@@ -123,6 +124,9 @@ private T GetSerialedObject<T>(SerializationInfo info, string name)
 			return (T)info.GetValue(name, typeof(T));
 		}
 
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			ConfigureProxyFactoryFactory();
diff --git a/src/NHibernate/Engine/StatefulPersistenceContext.cs b/src/NHibernate/Engine/StatefulPersistenceContext.cs
@@ -2,6 +2,7 @@
 using System.Collections;
 using System.Collections.Generic;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 using System.Text;
 using Iesi.Collections.Generic;
@@ -1496,6 +1497,9 @@ internal StatefulPersistenceContext(SerializationInfo info, StreamingContext con
 		}
 
 		[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			log.Debug("serializing persistent-context");
diff --git a/src/NHibernate/Impl/SessionFactoryImpl.cs b/src/NHibernate/Impl/SessionFactoryImpl.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Data;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Text;
 using System.Linq;
 using Iesi.Collections.Generic;
@@ -419,6 +420,9 @@ public EventListeners EventListeners
 
 		#region IObjectReference Members
 
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public object GetRealObject(StreamingContext context)
 		{
 			// the SessionFactory that was serialized only has values in the properties
diff --git a/src/NHibernate/Impl/SessionImpl.cs b/src/NHibernate/Impl/SessionImpl.cs
@@ -4,6 +4,7 @@
 using System.Data;
 using System.Linq.Expressions;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 using NHibernate.AdoNet;
 using NHibernate.Collection;
@@ -135,6 +136,9 @@ private SessionImpl(SerializationInfo info, StreamingContext context)
 		/// </remarks>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags = SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			log.Debug("writting session to serializer");
diff --git a/src/NHibernate/InstantiationException.cs b/src/NHibernate/InstantiationException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 namespace NHibernate
@@ -91,6 +92,9 @@ protected InstantiationException(SerializationInfo info, StreamingContext contex
 		/// </param>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/InvalidProxyTypeException.cs b/src/NHibernate/InvalidProxyTypeException.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 using System.Text;
 using System.Collections.Generic;
@@ -43,6 +44,9 @@ public InvalidProxyTypeException(SerializationInfo info, StreamingContext contex
 
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/NonUniqueObjectException.cs b/src/NHibernate/NonUniqueObjectException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 namespace NHibernate
@@ -80,6 +81,9 @@ protected NonUniqueObjectException(SerializationInfo info, StreamingContext cont
 		/// </param>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/PropertyAccessException.cs b/src/NHibernate/PropertyAccessException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 namespace NHibernate
@@ -100,6 +101,9 @@ protected PropertyAccessException(SerializationInfo info, StreamingContext conte
 		/// </param>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/PropertyValueException.cs b/src/NHibernate/PropertyValueException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 using NHibernate.Util;
 
@@ -85,6 +86,9 @@ protected PropertyValueException(SerializationInfo info, StreamingContext contex
 		/// </param>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags = SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/Proxy/DynamicProxy/ProxyObjectReference.cs b/src/NHibernate/Proxy/DynamicProxy/ProxyObjectReference.cs
@@ -9,6 +9,7 @@
 using System;
 using System.Collections.Generic;
 using System.Runtime.Serialization;
+using System.Security;
 
 namespace NHibernate.Proxy.DynamicProxy
 {
@@ -47,6 +48,9 @@ protected ProxyObjectReference(SerializationInfo info, StreamingContext context)
 
 		#region IObjectReference Members
 
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public object GetRealObject(StreamingContext context)
 		{
 			return _proxy;
@@ -56,6 +60,9 @@ public object GetRealObject(StreamingContext context)
 
 		#region ISerializable Members
 
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public void GetObjectData(SerializationInfo info, StreamingContext context) {}
 
 		#endregion
diff --git a/src/NHibernate/QueryException.cs b/src/NHibernate/QueryException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 namespace NHibernate
@@ -114,6 +115,9 @@ protected QueryException(SerializationInfo info, StreamingContext context) : bas
 		/// </param>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/StaleObjectStateException.cs b/src/NHibernate/StaleObjectStateException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 using NHibernate.Impl;
 
@@ -88,6 +89,9 @@ protected StaleObjectStateException(SerializationInfo info, StreamingContext con
 		/// </param>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/UnresolvableObjectException.cs b/src/NHibernate/UnresolvableObjectException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 using NHibernate.Impl;
 
@@ -93,6 +94,9 @@ public static void ThrowIfNull(object o, object id, string entityName)
 
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
diff --git a/src/NHibernate/WrongClassException.cs b/src/NHibernate/WrongClassException.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.Serialization;
+using System.Security;
 using System.Security.Permissions;
 
 namespace NHibernate
@@ -87,6 +88,9 @@ protected WrongClassException(SerializationInfo info, StreamingContext context)
 		/// </param>
 		[SecurityPermission(SecurityAction.LinkDemand,
 			Flags=SecurityPermissionFlag.SerializationFormatter)]
+#if NET_4_0
+		[SecurityCritical]
+#endif
 		public override void GetObjectData(SerializationInfo info, StreamingContext context)
 		{
 			base.GetObjectData(info, context);
